Free CyberCrime Resources for the Justice Professional: An Interview with Ben Spear

Law enforcement has always had to adapt to keep up with all the ways criminals break the law. As the story goes, when cars became readily available at the turn of the last century, thus making it easier for bank robbers to get away, police forces began adding cars to their assets – ways of chasing and capturing criminals.

The same can now be said for cybercrime: thanks to the internet, criminals now have ways not only to commit, but also evade law enforcement … all without ever having to leave home. And the problem only continues to grow exponentially each year.

As Michael Kaiser, Executive Director of the National Cyber Security Alliance, estimated in a PERF report, “80% of crimes have a cyber aspect—a voicemail, a Facebook post, data from a cell phone call. Even for an investigation into something simple, like a street robbery, detectives often need to look into data from a stolen cell phone, including GPS data that can show exactly where the phone is located, often within a matter of 10 or 20 feet. I think this demonstrates the importance of having police departments prepared for this type of crime.”

So how can law enforcement agencies keep up – not just in terms of crime fighting, but also in terms of learning about these unique crimes?

Justice Clearinghouse Editors (JCH): Cybersecurity and cybercrime is such a quickly changing, conglomeration of issues, topics, and updates … seemingly too big for the “average” justice professional, law enforcement officer, etc to keep up on. Why is it important for someone in the justice community to stay on top of cyberthreats, even when it may not be their specialty?

Ben Spear: Even if not their specialty, it is important for someone in the justice community to stay on top of cyber threats because we are increasingly seeing cyber tactics bleed into the traditional crime world. In the past, cyber threat actors adapted common criminal tactics such as scams and extortion into the digital realm, but it’s not really a one-way flow, it’s more of a cycle. Traditional criminals use tools like the Dark Web, encrypted communications, and cryptocurrencies to obfuscate communications and reduce their paper trail. Some even resort to cyber tactics to obtain their traditional goals. At the end of May 2017, the FBI reported the arrest of members of a motorcycle gang stealing Jeeps. The gang had obtained access to a sensitive database with the programmable codes for the key fob of each VIN number. Even if justice professionals have not encountered cyber threats before in their role, I can guarantee that won’t always be the case. Keeping tabs on common tactics in the cybersecurity community will allow them to more easily spot those new tactics when they are used.

JCH: Your webinar topic is specifically about the free resources available for justice professionals. Many of our justice professionals may be at “beginning” stages of learning about cybercrime, while others are seasoned pros. Help us understand how your webinar can jumpstart their learning – no matter at what stage of the learning cycle they’re at or what their job currently is.

Ben: This presentation does have a little bit of something for everyone. At one end, I will be presenting on educational resources useful to beginners and for cybersecurity awareness campaigns in the community, but I’ll also cover many of the organizations justice professionals can coordinate with in cybersecurity response, as well as technical tools and programs for those with more advanced capabilities. Just within the training resources there are basic webinars about certain threat trends to in-person or online courses that prepare you for a certification. There is so much content out there from a range of agencies and organizations that justice professionals of all stripes will find something new they can utilize in their everyday job.

I do want to clarify though, when it comes to justice professionals there are two sides to the cybercrime coin – understanding the cybercrime you might encounter in the field and protecting your agencies and employees from it. Unfortunately, state and local governments are the victims of cybercrime. So as a manager and decision maker it’s important to understand what might impact your organization or people, so you can prepare for it and react appropriately when something does happen. And yes, this presentation will cover some resources that manager’s and IT staff can take advantage of, too.

JCH: Let’s say someone is new – but really intrigued – about the field of cybercrime, but overwhelmed by the vast amount of information out there. Carve out baby steps for us: what three first steps would you advise they start with?

Ben: I would strongly recommend that those interested in cybercrime start by reading some baseline publications produced by the United States Computer Emergency Readiness Team (US-CERT) at https://us-cert.gov/security-publications or any of the Security Primers published by the MS-ISAC at https://www.cisecurity.org/resources/white-papers/?o=ms-isac. These publications provide a basic background for very common tactics, as well as some defense and mitigation recommendations. Common tactics you might want to start with include malware, ransomware, distributed denial of service (DDoS), SQL injection (SQLi), and phishing. As you read those, if you encounter words or methods you are unfamiliar with, turn to Google to provide some additional background. Wikipedia is actually a great source for understanding the basics. From there, start down the rabbit hole and follow links. YouTube is also a good place to research terms because there are a lot of introductory videos.

Before you get too far into cybercrime, I’d also suggest brushing up on your computer knowledge. Understanding some of the basics about how computers and networks, including the Internet, work will hold you in good stead when you want to understand how an attack works. Again, start with Wikipedia and YouTube for those basic introductions.

Once you have some background I recommend keeping tabs on cybersecurity news. You certainly don’t want to be overwhelmed. Many of the sources out there regurgitate similar information. Subscribe to a daily or weekly email newsletter that brings together all the recent news. And when you see or hear something you don’t understand, look it up. Read a few articles on it.

Lastly, I would recommend keeping an eye out for any local cybersecurity conferences hosted by your local or state government to attend at least once. While many of these conferences have a technical track, they often include several sessions that work to explain concepts or campaigns and break down the information for less technical audiences. Attending one or two of these conferences may provide you with a good understanding of common cybersecurity issues. Even more importantly, they provide an opportunity for networking with experts in the field that you may be able to call on for assistance when a cybercrime incident lands on your desk.

JCH: What drew you to the area of cybercrime? This is such a fast changing field… What keeps you motivated to stay on top of the latest developments or news?

Ben: I came to cybercrime through my interest in computing and trying to merge that interest with my political science and history background. I found the impact that cyber threats could have in traditional political settings, including wars, fascinating. What keeps me interested is that there is always something new. Even if it seems like actors are regurgitating the same old tactics year after year there is always one piece that is different that allows them to evade detection or generate more money. It’s learning about these tiny tweaks and how they work that keeps me interested. I also get a kick out of the occasional mistakes or missteps the bad guys make.